Infrastructure Protection Gateway
|
|
- Abraham Dorsey
- 8 years ago
- Views:
Transcription
1 Infrastructure Protection Gateway Our Nation s critical infrastructure is essential to sustaining our security, the economy, and the American way of life. The Department of Homeland Security (DHS), National Protection and Programs Directorate, Office of Infrastructure Protection (IP) leads the coordinated national effort to protect critical infrastructure from all hazards by managing risk and enhancing resilience through collaboration with the critical infrastructure community. Information systems play a vital role in allowing Federal, State, local, tribal, territorial, and private sector partners to identify, analyze, and manage risk to protect the Nation. The IP Gateway serves as the single interface through which DHS mission partners can access a large range of integrated IP tools, capabilities, and information to conduct comprehensive critical infrastructure vulnerability assessments, risk analysis, event planning, and incident tracking. Source: U.S. Department of Homeland Security Features The IP Gateway provides various data collection, analysis, and response tools in one integrated system, streamlining access to IP s tools and datasets by leveraging a single user registration, management, and authentication process. Highlights of the IP Gateway include: A selection of cyber and physical security survey and vulnerability assessment capabilities; Integrated data visualization and mapping capabilities to support complex data analysis; An array of tools to support critical infrastructure planning and analysis, including a robust data search capability; and A planning and management capability that utilizes consequence, vulnerability, and threat scenario information to support situational awareness, response efforts, and recovery prioritization. IP Gateway Administration and Access The IP Gateway is available to Federal, State, local, tribal, and territorial governments to enhance collaboration and promote cross-government information sharing. System administrators have been established to serve as the primary point of contact for the IP Gateway within their State, locality, tribe, or territory and will be responsible for vetting and granting access to requesting homeland security professionals within their region. To obtain access to the IP Gateway, all users must have a valid need-to-know, complete Protected Critical Infrastructure Information (PCII) Authorized User training and all required IP Gateway system training, and submit an application. PCII Program The Protected Critical Infrastructure Information (PCII) Program is an information-protection program that enhances voluntary information sharing between infrastructure owners and operators and the government. PCII protections mean that homeland security partners can be confident that sharing their information with the government will not expose sensitive or proprietary data. Contact Us Learn how the IP Gateway can support your organization s homeland security efforts by contacting the IP Gateway Help Desk at IPGateway@hq.dhs.gov or February 2015
2 Protected Critical Infrastructure Information Program The Protected Critical Infrastructure Information (PCII) program protects infrastructure information voluntarily shared with DHS to be used for homeland security purposes. The PCII program was created by Congress in the Critical Infrastructure Information Act of 2002, ensuring that PCII in the government s hands is protected from disclosure Protections PCII cannot: Be disclosed through a Freedom of Information Act (FOIA) request or through a request under a similar State, local, tribal, or territorial disclosure law; Be disclosed in civil litigation; or Be used for regulatory purposes. PCII may only be used by a Federal, State, local, tribal, or territorial government employee or contractor who: Has taken PCII training; Has homeland security duties; and Has a valid need to know that particular information. Source: U.S. Department of Homeland Security PCII is specially marked and must be safeguarded, both physically and electronically, under specific procedures to avoid any improper disclosures. All of these protections ensure that submitted information is protected and is used only by authorized homeland security professionals and used only for homeland security purposes. Uses PCII is used by DHS and other government homeland security professionals to identify vulnerabilities, mitigation strategies, and protective measures. DHS works closely with critical infrastructure asset owners and operators to provide a wide array of services and products to help them protect the Nation s critical infrastructure, and PCII is a key component in these efforts. PCII also allows DHS to collect and protect sensitive security critical infrastructure information, cyber-attack, risk, and vulnerability information to protect the Nation s infrastructure. PCII protections allow access to a vast amount of critical information necessary to detect, deter, and defend against threats to the Nation. Contact Information Learn how the IP Gateway can support your organization s homeland security efforts by contacting the IP Gateway Help Desk at IPGateway@hq.dhs.gov or July 2014
3 Infrastructure Protection Gateway Features Surveys and Assessments These non-regulatory surveys and assessments enable users to gather critical infrastructure data, including security, vulnerability, threat, and consequence information, that provide a complete context to meet users mission-specific needs. This feature ranges from high-level surveys to comprehensive in-depth assessments to evaluate a facility s security and resilience postures. Facility Dashboards The dashboards provide owners and operators with snapshots of their facility s security and resilience posture and compare those results with those of similar facilities across the Nation. The information in the dashboards, derived from completed surveys and assessments, allows owners and operators to develop scenarios to explore potential future improvement options. Events and Incidents Tracker This powerful analysis tool uses the protection and resilience data from completed surveys and assessments to enhance steady state, special event, and domestic incident support capabilities. It enables users to make decisions regarding the impact of various emergencies and to prioritize their planning, protection, response, and recovery efforts. Map View The IP Gateway s map function enables users to drill down and view numerous data layers to specific States, counties, or cities. These layers include static layers, such as facilities-by-sector, daytime population, or street-view pictures, and dynamic layers, such as current wildfire or weather elements. These geographically accurate presentations provide users with an in-depth look at an area s operational situation. Digital Library The Digital Library is a single interface through which users can access a collection of critical infrastructure resources, policy documents, and security and resilience information. This information helps users enhance critical infrastructure protection programs, prepare for and respond to incidents, and research and analyze infrastructure security and resilience data specific to their mission needs. Contact Us Learn how the IP Gateway can support your organization s homeland security efforts by contacting the IP Gateway Help Desk at IPGateway@hq.dhs.gov or * All images courtesy of U.S. Department of Homeland Security February 2015
4 Infrastructure Protection Gateway Rapid Survey Tool The Rapid Survey Tool (RST) is a non-regulatory data collection capability that examines the most critical aspects of a facility s security and resilience posture with efficient, baseline questions. It is a shorter survey that allows assessors to gather the general status of a facility before deciding whether an in-depth survey is required. The Web-based Rapid Survey Tool, available through the Infrastructure Protection Gateway (IP Gateway), captures a facility s physical and operational security and resilience data. The data are then analyzed to determine the facility s relative security and resilience in comparison to the national average for similar facilities. The resulting analysis is used to develop a Rapid Survey Information Center that equips owners and operators with knowledge to detect and prevent physical, cyber, and natural threats and respond to, recover from, and remain resilient against all hazards. Capabilities Source: U.S. Department of Homeland Security The RST enables assessors to: Collect pertinent cyber and physical security and resilience information on a facility; Conduct on-site security and resilience surveys in less than one (1) hour; Capture data, regardless of Internet access, for later upload to the IP Gateway; Ensure consistent data collection to support comparative analysis across facilities and assets; Use the tool s intuitive design to conduct surveys with minimal training; Collect data to support situational awareness and incident response activities; Determine whether an in-depth survey or assessment is required; and Pre-populate future surveys and assessments with data collected using the RST. Rapid Survey Information Center Source: U.S. Department of Homeland Security The Information Center, a brief overview of the survey results, is generated and returned to the facility owner and operator as a benefit of participating in the survey and providing their information. Key features of the Rapid Survey Information Center include: Comparison data of the facility s responses against facilities in a similar sector or subsector; Reports on the site s dependency information, increasing understanding of reliance on other assets and facilities; Resource guide to aid the owner and operator in enhancing their security and resilience status; and Regional maps showing natural hazards that may impact the facility s ability to carry out its intended mission. Contact Us Learn how the RST can support your organization s homeland security efforts by contacting the IP Gateway Help Desk at IPGateway@hq.dhs.gov or July 2014
5 est sint Enhanced Critical Infrastructure Protection Security Surveys The Enhanced Critical Infrastructure Protection (ECIP) initiative is a voluntary program which includes two parts: outreach and security surveys. Outreach establishes or enhances the Department of Homeland Security s (DHS s) relationship with critical infrastructure owners and operators and informs them of the importance of their facilities and the need for vigilance. Security surveys are conducted by the Office of Infrastructure Protection (IP) Protective Security Advisors (PSAs) to assess the overall security and resilience of the Nation s most critical infrastructure sites. Program Description The primary goals of ECIP initiative and security surveys are to: Forge strong relationships among the owners and operators of the Nation s most critical facilities, DHS, and Federal, State, local, tribal, and territorial partners. These relationships serve to increase communications and information sharing, enhance sector security, provide facility owners and operators access to Federal tools and resources. Inform and educate facility owners and operators about resilience and specific vulnerabilities and threats associated with the site or facility. To accomplish these goals, PSAs leverage existing relationships and provide coordination for IP programs and resources to enhance protection and resilience efforts. These efforts include outreach, training and education, and recommended protective measures. PSAs conduct voluntary ECIP security surveys in coordination with facility owners and operators, State Homeland Security Advisors, local law enforcement, sectorspecific agencies (SSAs) that oversee the 16 critical infrastructure sectors, and other critical infrastructure partners such as industry organizations. ECIP security surveys accomplish the following: Identify facilities physical security, security forces, security management, protective measures, information sharing, dependencies, and capabilities related to preparedness, mitigation, response, resilience and recovery Create facility Protective and Resilience Measures Indices (PMI/RMI) that can be compared with similar facilities Inform planning and resource allocation for implementing protective and resiliency measures Track the implementation of new protective and resilience measures DHS.gov The ECIP security surveys collect, process, and analyze facility assessment data in near real-time. Data collected during the ECIP security surveys is weighted and scored, enabling IP to conduct sector-by-sector and cross-sector vulnerability comparisons. These comparisons identify security gaps and trends and enable IP to track progress toward improving critical infrastructure security through its programs, outreach efforts, and training.
6 The resulting survey information is provided to owners and operators and may also be shared with the SSAs and other Federal, State, local, and private sector representatives through interactive Dashboards. In addition to providing a facility and sector security and resilience overview, the Dashboards highlight areas of potential concern and feature options to view the impact of potential enhancements to protective and resilience measures. ECIP metrics provide DHS with information on the protective and resilience measures in place at facilities and enable detailed analyses of site and sector vulnerabilities. This approach serves as a mechanism for IP to identify and document critical infrastructure overall security, to provide information for protective and resiliency measures planning and resources allocation, to facilitate Government information sharing, and to enhance its ability to analyze data and produce improved metrics. Contact Information For more information, please contact PDCDOperations@hq.dhs.gov. DHS.gov December 2013
7 Protective Measures Index The Homeland Security Act of was the governing document that officially formed the U.S. Department of Homeland Security (DHS) and mandated (among other things) that the department carry out comprehensive assessments of the vulnerabilities of the key resources and critical infrastructure of the United States. In response to this mandate, in 2009, the DHS and its Protective Security Advisors began assessing nationally critical infrastructure assets using a targeted questionnaire, the Infrastructure Survey Tool (IST). The data collected was used to produce assetspecific protective measure information conveyed through the Protective Measures Index (PMI). The main objective of the PMI is to provide a relative measure of the ability of a critical infrastructure asset to resist disruptive events an indication of how well protected the asset is. The PMI has been formulated to capture the fundamental aspects of protection for critical infrastructure and facilitates the comparison of protection postures across critical infrastructure assets. Aggregate information can be used to assess prevalent sector and subsector security gaps, identify potential protective measures and enhancements to reduce potential vulnerabilities, and assist in preparing sector risk estimates. The PMI methodology generates reproducible results that can support decisionmaking concerning critical infrastructure risk management. The PMI complements other indices that have been developed the Resilience Measurement Index (RMI) and Consequences Measurement Index (CMI) allowing a holistic view of most components of critical infrastructure risk. The PMI aggregates five operational dimensions of protection as shown in Figure 1: Physical Security, Security Management, Security Force, Information Sharing, and Security Activity Background. 2 The PMI calculation uses decisionanalytic techniques with a basis and multiattribute utility theory. The PMI ranges from 0 (low protection) to 100 (high protection) and is based on data collected via the IST that have been weighted by subject matter experts to indicate the relative importance of each variable to the asset s overall protection posture. Asset-specific protection information is displayed FIGURE 1. Level 1 Components of the PMI. on a Web-based tool called the IST PMI Dashboard. The IST PMI Dashboard provides valuable information to owners and operators regarding their facility s protection relative to similar assets. 3 The Dashboard can be used to create scenarios and assess relative improvement of overall facility protection when specific protective measures and/or 1 DHS, The Homeland Security Act of 2002, accessed April 4, Petit, F., G.W. Bassett, W.A. Buehring, M.J. Collins, D.C. Dickinson, R.A. Haffenden, A.A. Huttenga, M.S. Klett, J.A. Phillips, S.N. Veselka, K.E. Wallace, R.G. Whitfield, and J.P. Peerenboom, 2013, Protective Measures Index and Vulnerability Index: Indicators of Critical Infrastructure Protection and Vulnerability, Argonne National Laboratory, p The data displayed for the facility is static, reflective of the relative resilience of the facility at the time of the survey. If you have further questions about the PMI, please contact DHS at PSCDOperations@hq.dhs.gov.
8 procedures are added or changed. Policies, procedures, or operational methods are enhancements with which the facility may increase protection. Figure 2 is a screenshot of the IST PMI Dashboard Overview Screen. The Overview Screen displays overall PMI as well as the five main components: Physical Security, Security Management, Security Force, Information Sharing, and Security Activity Background. The sets of three dots allow the user to visually compare their facility protection stature to the low, average, and high protection postures of comparable facilities. The Dashboard s interactive Facility Scenario function allows the facility owner or operator to select possible protection enhancements and immediately see the resulting modified PMI (the light blue bars). FIGURE 2. IST PMI Dashboard Overview Screen (Illustrative Asset). The PMI should be used as part of an overall risk management program and can support decisionmaking about protection, business continuity, and emergency management of critical infrastructure. It provides important information about the protective measures implemented at a given facility and how that facility compares to similar facilities. Other factors such as location, specific vulnerabilities, and a cost-benefit analysis, should also be utilized to ensure a complete picture of a facility s protection level or posture. The asset-specific protection, used in conjunction with vulnerability information, and facility consequence and resilience information can provide decision makers with a comprehensive risk picture with which to make management and policy decisions ensuring the continued protection and resilience of our Nation s critical infrastructure.
9 Resilience Measurement Index In 2009, the U.S. Department of Homeland Security (DHS) and its Protective Security Advisors began surveying critical infrastructure using the Infrastructure Survey Tool (IST.) The data collected was initially used to produce asset specific protective measure through the Protective Measures Index (PMI). As national priorities for critical infrastructure expanded beyond protection to include focus on resilience 1, it became necessary to collect and display asset specific resilience-related information as well, resulting in the creation of the Resilience Measurement Index (RMI). Resilience, in the context of critical infrastructure, can be defined as the ability of an entity (e.g., asset, organization, community, region) to anticipate, resist, absorb, respond to, adapt to, and recover from a disturbance. 2 Enhancing the resilience of critical infrastructure requires its owners and operators to understand the ability of that infrastructure to withstand specific threats, minimize or mitigate potential impacts, and to return to normal operations if degradation occurs (threat to consequence.) The RMI has been formulated using decision-analytic Figure 1. -Level 1 and Level 2 Information Collected on Facility techniques with a basis in multi-attribute Resilience utility theory, to capture the fundamental aspects of resilience for critical infrastructure. The RMI is an aggregate measure of four operational dimensions that encompass the elements of that definition of resilience: Preparedness, Mitigation Measures, Response Capability, and Recovery Mechanisms (see Figure 1). The RMI, which ranges from 0 (low resilience) to 100 (high resilience), allows comparison of the resilience of different critical infrastructure assets and provides a basis for prioritizing the implementation of operational and physical enhancements to increase asset resilience. Asset specific resilience information is displayed on an interactive, Web-based tool called the IST RMI Dashboard. The IST RMI Dashboard provides valuable information to owners and operators regarding 1 Most recently see PPD-21, The Presidential Directive on Critical Infrastructure Protection and Resilience. 2 Carlson, L., G. Basset, W. Buehring, M. Collins, S. Folga, B. Haffenden, F. Petit, J. Phillips, D. Verner, and R. Whitfield, Resilience Theory and Applications, Argonne National Laboratory, Decision and Information Sciences Division, ANL/DIS-12-1, Argonne, Ill, USA, If you have further questions about the RMI, please contact DHS at PSCDOperations@hq.dhs.gov.
10 their facility s resilience relative to similar assets 3. The Dashboard can be used to create scenarios and assess the relative improvement of overall facility resilience when specific resilience measures and/or procedures are added or changed. Policies, procedures, or operational methods are enhancements with which the facility may increase resilience. Figure 2.-RMI Dashboard Overview Screen (Illustrative Asset) Figure 2 is a screenshot of the IST RMI Dashboard Overview Screen used to display the results of a resilience analysis for a particular asset. Existing facility resilience values are indicated with dark blue bars. The Overview Screen displays overall RMI as well as the four main components of the RMI (Preparedness, Mitigation Measures, Response Capabilities, and Recovery Mechanisms). The sets of three dots allow the user to visually compare their facility resilience stature to the low, average and high resilience postures of comparable facilities (e.g., sector, subsector, segment). The Dashboard s interactive Facility Scenario function allows the facility owner or operator to select possible resilience enhancements and immediately see the resulting modified RMI (the light blue bars). The RMI methodology supports decisionmaking related to emergency management, disaster response, and maintenance of business continuity. It is most valuable as part of an overall risk management program. Other factors such as location, specific vulnerabilities, and cost-benefit analyses can also be utilized to ensure a complete and comprehensive resilience picture for the asset. 4 The assets specific resilience information, used in conjunction with information on the vulnerabilities and consequences can provide decisionmakers with a holistic risk picture in which to make management and policy decisions ensuring the continued protection and resilience of our nation s critical infrastructure. 3 The data displayed for the facility is static, reflective of the relative resilience of the facility at the time of the survey 4 Facility vulnerability information can be ascertained via the PMI, and consequences via the consequence information collected in the survey
Infrastructure Protection Security Surveys
est sint Enhanced Critical Infrastructure Protection Security Surveys The Enhanced Critical Infrastructure Protection (ECIP) initiative is a voluntary program which includes two parts: outreach and security
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Infrastructure Information Collection Division August 2015 Michael A. Norman Overview
More informationWater Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary
Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary May 2007 Environmental Protection Agency Executive Summary
More informationSupplemental Tool: NPPD Resources to Support Vulnerability Assessments
Supplemental Tool: NPPD Resources to Support Vulnerability Assessments NPPD Resources to Support Vulnerability Assessments Assessing vulnerabilities of critical infrastructure is an important step in developing
More informationTHE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013
THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The
More informationU.S. Department of Homeland Security Protective Security Advisor (PSA) North Carolina District
U.S. Department of Homeland Security Protective Security Advisor (PSA) North Carolina District Securing the Nation s s critical infrastructures one community at a time Critical Infrastructure & Key Resources
More informationGAO CRITICAL INFRASTRUCTURE PROTECTION. DHS Could Better Manage Security Surveys and Vulnerability Assessments. Report to Congressional Requesters
GAO United States Government Accountability Office Report to Congressional Requesters May 2012 CRITICAL INFRASTRUCTURE PROTECTION DHS Could Better Manage Security Surveys and Vulnerability Assessments
More informationMaintaining School Safety and Security. Local Control and Accountability Plan
C.A.S.H. 2015 Maintaining School Safety and Security February 25, 2015 9:00 a.m. 10:30 a.m. Moderator: Nathaniel C. Holt, Pomona Unified School District Panel: Leonard Hernandez Jr. Pomona Unified School
More informationSupplemental Tool: Executing A Critical Infrastructure Risk Management Approach
Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach Executing a Critical Infrastructure Risk Management Approach Risk is defined as the potential for an unwanted outcome resulting
More informationNASCIO 2014 State IT Recognition Awards
NASCIO 2014 State IT Recognition Awards Project: California Cybersecurity Task Force Category: Cybersecurity Initiatives Project Initiation Date: September, 2012 Project Completion Date: May 2013 Carlos
More informationWhich cybersecurity standard is most relevant for a water utility?
Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:
More informationApril 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,
More information2. OVERVIEW OF THE PRIVATE INFRASTRUCTURE
A Functional Model for Critical Infrastructure Information Sharing and Analysis Maturing and Expanding Efforts ISAC Council White Paper January 31, 2004 1. PURPOSE/OBJECTIVES This paper is an effort to
More informationNovember is National Critical Infrastructure Security & Resilience Month
November is National Critical Infrastructure Security & Resilience Month In celebration of this very important awareness and the developing Critical Infrastructure and Key Resources (CIKR) Program for
More informationCIPAC Water Sector Cybersecurity Strategy Workgroup: FINAL REPORT & RECOMMENDATIONS
CIPAC Water Sector Cybersecurity Strategy Workgroup: FINAL REPORT & RECOMMENDATIONS April 2015 TABLE OF CONTENTS Acronyms and Abbreviations... 1 Workgroup Background... 2 Workgroup Findings... 3 Workgroup
More informationPROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM
PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM Don Dickinson Phoenix Contact USA P.O. Box 4100 Harrisburg, PA 17111 ABSTRACT Presidential Executive Order 13636 Improving
More informationTEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS
TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS INTRODUCTION The purpose of this document is to list the aligned with each in the Texas Homeland Security Strategic Plan 2015-2020 (THSSP).
More informationCRITICAL INFRASTRUCTURE PROTECTION. DHS Action Needed to Enhance Integration and Coordination of Vulnerability Assessment Efforts
United States Government Accountability Office Report to Congressional Requesters September 2014 CRITICAL INFRASTRUCTURE PROTECTION DHS Action Needed to Enhance Integration and Coordination of Vulnerability
More informationNational Infrastructure Protection Plan Partnering to enhance protection and resiliency
National Infrastructure Protection Plan Partnering to enhance protection and resiliency 2009 Preface Risk in the 21st century results from a complex mix of manmade and naturally occurring threats and
More informationLegislative Language
Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking
More informationDepartment of Homeland Security Information Sharing Strategy
Securing Homeland the Homeland Through Through Information Information Sharing Sharing and Collaboration and Collaboration Department of Homeland Security April 18, 2008 for the Department of Introduction
More informationWater Security in New Jersey: Partnership and Services
GOV. CHRIS CHRISTIE LT. GOV. KIM GUADAGNO DIR. CHRIS RODRIGUEZ NJOHSP OFFICE OF HOMELAND SECURITY AND PREPAREDNESS Preparedness Act Water Security in New Jersey: Partnership and Services Created by the
More informationCYBER SECURITY GUIDANCE
CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires
More informationJOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement
More informationWritten Statement of Richard Dewey Executive Vice President New York Independent System Operator
Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman
More informationState Homeland Security Strategy (2012)
Section 1 > Introduction Purpose The purpose of the State Homeland Security Strategy (SHSS) is to identify statewide whole community priorities to achieve and sustain a strengthened ability to prevent,
More informationCS 2 SAT: The Control Systems Cyber Security Self-Assessment Tool
INL/CON-07-12810 PREPRINT CS 2 SAT: The Control Systems Cyber Security Self-Assessment Tool ISA Expo 2007 Kathleen A. Lee January 2008 This is a preprint of a paper intended for publication in a journal
More informationFinal Draft/Pre-Decisional/Do Not Cite. Forging a Common Understanding for Critical Infrastructure. Shared Narrative
Final Draft/Pre-Decisional/Do Not Cite Forging a Common Understanding for Critical Infrastructure Shared Narrative March 2014 1 Forging a Common Understanding for Critical Infrastructure The following
More informationSubject: Critical Infrastructure Identification, Prioritization, and Protection
For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,
More informationHSIN R3 User Accounts: Manual Identity Proofing Process
for the HSIN R3 User Accounts: Manual Identity Proofing Process DHS/OPS/PIA-008(a) January 15, 2013 Contact Point James Lanoue DHS Operations HSIN Program Management Office (202) 282-9580 Reviewing Official
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationDecember 17, 2003 Homeland Security Presidential Directive/Hspd-7
For Immediate Release Office of the Press Secretary December 17, 2003 December 17, 2003 Homeland Security Presidential Directive/Hspd-7 Subject: Critical Infrastructure Identification, Prioritization,
More informationUnited States Coast Guard Cyber Command. Achieving Cyber Security Together. Homeland Security
United States Coast Guard Cyber Command Achieving Cyber Together Brett Rouzer Chief of MCIKR Protection U.S. Coast Guard Cyber Command DHS NCCIC Liaison Officer (202) 372-3113 Brett.R.Rouzer@uscg.mil Vision
More informationPreventing and Defending Against Cyber Attacks November 2010
Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing
More informationWhite Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI
White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:
More informationAll. Presidential Directive (HSPD) 7, Critical Infrastructure Identification, Prioritization, and Protection, and as they relate to the NRF.
Coordinating Agency: Department of Homeland Security Cooperating Agencies: All INTRODUCTION Purpose Scope This annex describes the policies, responsibilities, and concept of operations for Federal incident
More informationJOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.
JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President
More informationCritical Infrastructure Security & Resilience Month 2014 Toolkit
Critical Infrastructure Security & Resilience Month 2014 Toolkit Homeland Security Table of Contents Table of Contents... ii CRITICAL INFRASTRUCTURE SECURITY & RESILIENCE MONTH... 1 HOW TO PROMOTE CRITICAL
More informationMicrosoft Services Premier Support. Security Services Catalogue
Microsoft Services Premier Support Security Services Catalogue 2014 Microsoft Services Microsoft Services helps you get the most out of your Microsoft Information Technology (IT) investment with integrated
More informationIndustrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk
Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Cyber Security Risk With Today s Cyber Threats, How Secure is Your Control System? Today, industrial organizations are faced
More informationThe Business Case for Security Information Management
The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un
More informationDepartment of Homeland Security
Department of Homeland Security Cybersecurity Awareness for Colleges and Universities EDUCAUSE Live! July 24, 2014 Overview Dramatic increase in cyber intrusions, data breaches, and attacks at institutions
More informationState of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013
State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council
More informationIntegrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)
Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs) Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and
More informationNATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY
NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY JANUARY 2012 Table of Contents Executive Summary 1 Introduction 2 Our Strategic Goals 2 Our Strategic Approach 3 The Path Forward 5 Conclusion 6 Executive
More informationv. 03/03/2015 Page ii
The Trident University International (Trident) catalog consists of two parts: Policy Handbook and Academic Programs, which reflect current academic policies, procedures, program and degree offerings, course
More informationHomeland Security Virtual Assistance Center
for the Homeland Security Virtual Assistance Center November 3, 2008 Contact Point Donald M. Lumpkins National Preparedness Directorate (FEMA) (202) 786-9754 Reviewing Official Hugo Teufel III Chief Privacy
More informationDelaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP
Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats
More informationThe NIST Cybersecurity Framework
View the online version at http://us.practicallaw.com/5-599-6825 The NIST Cybersecurity Framework RICHARD RAYSMAN, HOLLAND & KNIGHT LLP AND JOHN ROGERS, BOOZ ALLEN HAMILTON A Practice Note discussing the
More informationCyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record
Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record Roberta Stempfley Acting Assistant Secretary for Cybersecurity and Communications
More informationIntegrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education
Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and Healthy Students Hamed Negron-Perez,
More informationThreat and Hazard Identification and Risk Assessment
Threat and Hazard Identification and Risk Assessment Background/Overview and Process Briefing Homeland Security Preparedness Technical Assistance Program May 2012 PPD-8 Background A linking together of
More informationRE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity
October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure
More information7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008
U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October
More informationComputer Network Security & Privacy Protection
Overview Computer Network Security & Privacy Protection The Nation s electronic information infrastructure is vital to the functioning of the Government as well as maintaining the Nation s economy and
More informationCybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity
Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness
More informationENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE
ENERGY SECTOR CYBERSECURITY FRAMEWORK IMPLEMENTATION GUIDANCE JANUARY 2015 U.S. DEPARTMENT OF ENERGY OFFICE OF ELECTRICITY DELIVERY AND ENERGY RELIABILITY Energy Sector Cybersecurity Framework Implementation
More informationWhy you should adopt the NIST Cybersecurity Framework
www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential
More informationPerforms the Federal coordination role for supporting the energy requirements associated with National Special Security Events.
ESF Coordinator: Energy Primary Agency: Energy Support Agencies: Agriculture Commerce Defense Homeland Security the Interior Labor State Transportation Environmental Protection Agency Nuclear Regulatory
More informationRelationship to National Response Plan Emergency Support Function (ESF)/Annex
RISK MANAGEMENT Capability Definition Risk Management is defined by the Government Accountability Office (GAO) as A continuous process of managing through a series of mitigating actions that permeate an
More informationSeptember 28, 2 012 MEMORANDUM FOR. MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President
004216 THE WHITE HOUSE WASHINGTON MEMORANDUM FOR September 28, 2 012 MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President MR. STEPHEN D. MULL Executive
More informationNuclear Reactors, Materials, and Waste Sector-Specific Plan An Annex to the National Infrastructure Protection Plan
Nuclear Reactors, Materials, and Waste Sector-Specific Plan An Annex to the National Infrastructure Protection Plan 2010 Preface The National Infrastructure Protection Plan (NIPP) provides the unifying
More informationAn Overview of Large US Military Cybersecurity Organizations
An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United
More informationManaging Cyber Risks to Transportation Systems. Mike Slawski Cyber Security Awareness & Outreach
Managing Cyber Risks to Transportation Systems Mike Slawski Cyber Security Awareness & Outreach The CIA Triad 2 SABSA Model 3 TSA Mission in Cyber Space Mission - Facilitate the measured improvement of
More informationWhite Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA
White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial
More informationPREPUBLICATION COPY. More Intelligent, More Effective Cybersecurity Protection
More Intelligent, More Effective Cybersecurity Protection January 2013 Business Roundtable (BRT) is an association of chief executive officers of leading U.S. companies with more than $7.3 trillion in
More informationUpdate on U.S. Critical Infrastructure and Cybersecurity Initiatives
Update on U.S. Critical Infrastructure and Cybersecurity Initiatives Presented to Information Security Now! Seminar Helsinki, Finland May 8, 2013 MARK E. SMITH Assistant Director International Security
More informationLegislative Language
Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting
More informationAn Esri White Paper May 2012 ArcGIS for Emergency Management
An Esri White Paper May 2012 ArcGIS for Emergency Management Esri, 380 New York St., Redlands, CA 92373-8100 USA TEL 909-793-2853 FAX 909-793-5953 E-MAIL info@esri.com WEB esri.com Copyright 2012 Esri
More informationHigh Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe
2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information
More informationEl Camino College Homeland Security Spring 2016 Courses
El Camino College Homeland Security Spring 2016 Courses With over 250,000 federal positions in Homeland Security and associated divisions, students may find good career opportunities in this field. Explore
More information2014 Polk County ESF #2 Communications. Public Version. Public Version-Polk County ESF #2 Communications 2014
2014 Polk County ESF #2 Communications Public Version ESF#2 Communications 2014 Polk County Emergency Management Agency Page 1 of 13 Table of Contents 1. Introduction... 3 1.1 Purpose of ESF #2: Communication...
More informationCyberSecurity Solutions. Delivering
CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions
More informationA Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst
TRACESECURITY WHITE PAPER GRC Simplified... Finally. A Guide to Successfully Implementing the NIST Cybersecurity Framework Jerry Beasley CISM and TraceSecurity Information Security Analyst TRACESECURITY
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationEstablishing A Secure & Resilient Water Sector. Overview. Legislative Drivers
Establishing A Secure & Resilient Water Sector December 14-15, 2010 LWQTC Overview Key Drivers Legislation Presidential Directives AWWA & Sector Initiatives Standards & Guidance Mutual Aid & Assistance
More informationWritten Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.
Written Testimony of Dr. Andy Ozment Assistant Secretary for Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee on Oversight and Government
More informationHow To Use The Homeland Security Network (Hsin)
Homeland Security Information Network (HSIN) Theresa Phillips HSIN Program Manager Strategic Overview HSIN Mission: HSIN provides a common network platform for gathering, fusing, analyzing and reporting
More informationNIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT
NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a
More informationCritical Infrastructure Security and Resilience
U.S. Department of Homeland Security in partnership with the National Coordination Office for Space-Based Positioning, Navigation and Timing Critical Infrastructure Security and Resilience International
More informationEmergency Support Function #11 Agriculture and Natural Resources Strategic Plan
Emergency Support Function #11 Agriculture and Natural Resources Strategic Plan 2016-2020 1 Table of Contents Preface...3 Introduction...4 Mission Statement...6 Vision Statement...6 Goals and Objectives...6
More informationWashington State Fusion Center. The Pacific Northwest Economic Region
FUSION CENTER SPOTLIGHT Washington State Fusion Center and the Pacific Northwest Economic Region: Building a Critical Infrastructure/ Key resource Information Sharing Capability Washington State Fusion
More informationWater Security Issues: The Federal Perspective. J. Alan Roberson, P.E. Director of Security and Regulatory Affairs AWWA Washington, DC
Water Security Issues: The Federal Perspective J. Alan Roberson, P.E. Director of Security and Regulatory Affairs AWWA Washington, DC Outline The Overall Concept for Water Security What s Important in
More informationNIPP 2013. Partnering for Critical Infrastructure Security and Resilience
NIPP 2013 Partnering for Critical Infrastructure Security and Resilience Acknowledgments NIPP 2013: Partnering for Critical Infrastructure Security and Resilience was developed through a collaborative
More informationNo. 33 February 19, 2013. The President
Vol. 78 Tuesday, No. 33 February 19, 2013 Part III The President Executive Order 13636 Improving Critical Infrastructure Cybersecurity VerDate Mar2010 17:57 Feb 15, 2013 Jkt 229001 PO 00000 Frm 00001
More informationBefore the FEDERAL COMMUNICATIONS COMMISSION Washington, D.C. 20554. Comments of CTIA The Wireless Association
Before the FEDERAL COMMUNICATIONS COMMISSION Washington, D.C. 20554 In the Matter of CSRIC IV Cybersecurity Risk Management and Assurance Recommendations ) ) ) PS Docket No. 15-68 ) ) Comments of CTIA
More informationHow To Write A National Cybersecurity Act
ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationHITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What?
HITRUST CSF Assurance Program You Need a HITRUST CSF Assessment Now What? Introduction This material is designed to answer some of the commonly asked questions by business associates and other organizations
More informationNGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;
NGA Paper Act and Adjust: A Call to Action for Governors for Cybersecurity challenges facing the nation. Although implementing policies and practices that will make state systems and data more secure will
More informationTestimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the
Testimony of Mr. Anish Bhimani On behalf of the Financial Services Information Sharing and Analysis Center (FS-ISAC) before the Committee on Homeland Security United States House of Representatives DHS
More informationSymantec Control Compliance Suite. Overview
Symantec Control Compliance Suite Overview Addressing IT Risk and Compliance Challenges Only 1 in 8 best performing organizations feel their Information Security teams can effectively influence business
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information
More informationHow To Write A Book On Risk Management
National Center for Risk and Economic Analysis of Terrorism Events CREATE FY2015 (Year 11) Call for White Papers CREATE, the DHS-sponsored Center of Excellence at the University of Southern California,
More informationSimply Sophisticated. Information Security and Compliance
Simply Sophisticated Information Security and Compliance Simple Sophistication Welcome to Your New Strategic Advantage As technology evolves at an accelerating rate, risk-based information security concerns
More informationGuidelines 1 on Information Technology Security
Guidelines 1 on Information Technology Security Introduction The State Bank of Pakistan recognizes that financial industry is built around the sanctity of the financial transactions. Owing to the critical
More information[STAFF WORKING DRAFT]
S:\LEGCNSL\LEXA\DOR\OI\PARTIAL\CyberWD..xml [STAFF WORKING DRAFT] JULY, 0 SECTION. TABLE OF CONTENTS. The table of contents of this Act is as follows: Sec.. Table of contents. Sec.. Definitions. TITLE
More informationCybersecurity Enhancement Account. FY 2017 President s Budget
Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities
More information